Manager, Security Governance, Risk & Compliance
Commerce
Manager of Security GRC responsible for the audit programs that keep Commerce compliant. Leads a team and engages stakeholders across business units to meet regulatory requirements.
Posted: 7/4/2026
Employment type: full-time
Location: London • Texas • 🇺🇸 United States
Level: Mid-Level, Senior
Salary: $112,870 - $169,306 per year
Tech Stack
Tools & technologies: Cloud
About the role
Key responsibilities & impact
- Own the end-to-end lifecycle of Commerce's core audit programs (PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX) across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.
- Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit-ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.
- Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.
- Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point-in-time evidence collection and eliminating audit fatigue organization-wide.
- Own the tracking and closure of audit findings and control gaps across Commerce, Feedonomics, and Makeswift. Partner with control owners to deliver pragmatic, risk-informed remediation plans within defined timelines.
- Direct the ongoing maturity of Commerce's PCI DSS 4.0 program, including Targeted Risk Analyses (TRAs), customized approach applicability, and annual assessment planning.
- Partner with Cloud Engineering to validate and maintain PCI scope across Commerce's global footprint, ensuring effective network segmentation and data flow isolation.
- Manage and support ISA-designated personnel (PCI Internal Security Assessors); ensure the ISA function operates with rigor and consistency aligned to PCI Council standards.
- Oversee Commerce's Secure Controls Framework (SCF), built from NIST, ISO 27001, and PCI DSS, ensuring controls are designed, tested, and documented to satisfy multiple regulatory obligations simultaneously across all business units.
- Provide GRC leadership on architectural reviews, product launches, and infrastructure changes across Commerce, Feedonomics, and Makeswift to ensure regulatory requirements are addressed upstream — not as an afterthought.
- Stay ahead of emerging requirements across PCI, SOC, and ISO 27001:2022, translating regulatory changes into actionable program updates.
Requirements
What you'll need
- 6–10 years in Information Security, IT Audit, or GRC, with demonstrated ownership of enterprise-level audit programs (PCI, SOC 2, ISO 27001, or SOX).
- Proven track record managing Level 1 Service Provider assessments and navigating complex, multi-framework audit environments spanning multiple business units or legal entities.
- Demonstrated ability to work cross-functionally with control owners and operational teams, holding stakeholders accountable to their compliance obligations while maintaining strong working relationships.
- Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.
- Ability to influence and manage cross-functional stakeholders at all levels — from engineers to executives — with clarity, diplomacy, and conviction.
- Skilled at translating compliance requirements into business-relevant language that drives enablement rather than friction.
- PCI ISA, CISA, CISSP, or equivalent audit/security certification strongly preferred.
- Prior experience at a Big 4 advisory or audit firm (Deloitte, PwC, EY, KPMG) in an IT audit, risk advisory, or security compliance capacity is a strong plus.
- Experience applying GRC frameworks in cloud-native environments and familiarity with modern cloud security tooling.
Benefits
Comp & perks
- Inclusion and belonging initiatives
- Reasonable accommodations for individuals with disabilities
ATS Keywords
Hard Skills & Tools
Information Security, IT Audit, Compliance Management, Risk Assessment, Control Gap Remediation, Evidence Strategy, Audit Findings Tracking, Network Segmentation, Data Flow Isolation, Regulatory Requirements
Soft Skills
Stakeholder Management, Cross-Functional Collaboration, Influencing Skills, Communication Skills, Relationship Building
Certifications
PCI ISA, CISA, CISSP